Skip to content

How To Identify The Level of Risk in Your Merchant Portfolio

With COVID-19 continuing to make headlines and impact people and businesses worldwide, the payments industry has found itself operating in an entirely new framework of risk management. 

During this health crisis, bad actors have been hard at work, scamming and exploiting people based on fears and uncertainty. Others, wanting to take advantage of people’s benevolence, have created fake fundraisers and charities. The current climate is ripe for deception, fraud, and consumer harm. That is why both payment facilitators and others working within the payment industry must be meticulous about ensuring that their merchants are staying in legal compliance. 

The Dangers Of Having A Risky Merchant Portfolio

If a merchant acquirer happens to have risky merchants in their portfolio, the result would mean violations of Mastercard’s Business Risk Assessment and Mitigation (BRAM) and Visa’s Global Brand Protection (GBPP). These regulations were created to protect both card brands and consumers from illegal activity and anything that would bring damage to the brand. 

If a merchant acquirer is not actively monitoring its portfolio, this could result in being hit with considerable fines from that brand. In addition, your high-risk merchants can damage your reputation, incur chargebacks, and produce other legal quandaries. 

Red Flags To Look For When Monitoring Your Merchants’ Transactions

  • Shifts In Transaction Volume: Have you noticed an increase or decrease in transactions or even the types of transactions, whether keyed or swiped? Does this change make sense, given the type of business your merchant is in?
  • Multiple Transactions From Same Card: Are these transactions occurring at unusual times of the month or more often than normal? 
  • Surge In Online Volume: This could be a red-flag that the business is engaged in a “virus-related scam” of some sort.

How To Mitigate Your Risk

Merchants are no longer up to speed when it comes to doing their due diligence and monitoring their own transactions. Online criminals are too far ahead and sophisticated. This is where the acquirer comes in to update their technology, modify their procedures, and innovate at a faster pace than cybercriminals.  Here’s what you can do to greatly lower your merchant portfolio risk:

  • Have A Staunch Digital KYC Regimen: Current KYC procedures are enormously inadequate for today’s digital landscape. The first step in building a solid plan is to add a “comprehensive digital element” to existing, physical vetting methods. Seek to analyze the merchant’s digital fingerprints and use more advanced cyberintelligence solutions and products. 
  • Setup Comprehensive Merchant Monitoring: One of the most important actions you can take to mitigate risk is to have “continuous monitoring” of every merchant.  Furthermore, the “actual line of business versus claimed line of business” must be strictly monitored. 

For example, a perfectly legitimate online florist, who has passed the KYC and due diligence process can be used by a drug dealer to set up hidden transactions. They can also create a separate payment gateway through the florist. 

  • Have A Solid Compliance Program, But Don’t Forget Transaction Laundering Detection: Although many acquirers follow their compliance programs without fault, they often neglect Transaction Laundering. This can result in heavy fines and sanctions. Even if investigations are launched, their forensic tools are largely inadequate. Transaction Laundering no longer occurs with high-risk, high-volume merchants, even low-risk merchants have been discovered to engage in this and other illegal activities.

Current Onboarding Needs To Be Re-Evaluated

Merchant Service Providers (MSPs) are still spending considerable time and resources scrutinizing high risk merchants. Ironically, low-risk merchants are endangering them with compliance violations due to their illegal activity. 

MSPs must adopt a much more “holistic approach” to risk. They must begin by evaluating their entire merchant portfolio, even their seemingly harmless, low-volume, low-risk merchants.